op public repos

Blob

Date:: Mon Jan 11 13:08:00 2021 UTC
Message:: s/uri/iri since we accept IRIs
Actions:: History | Blame | Raw File
1 /*
2  * Copyright (c) 2020 Omar Polo <op@omarpolo.com>
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <sys/mman.h>
18 #include <sys/stat.h>
19 
20 #include <assert.h>
21 #include <err.h>
22 #include <errno.h>
23 #include <fcntl.h>
24 #include <limits.h>
25 #include <netdb.h>
26 #include <signal.h>
27 #include <stdarg.h>
28 #include <string.h>
29 
30 #include "gmid.h"
31 
32 #define LOGE(c, fmt, ...) logs(LOG_ERR,    c, fmt, __VA_ARGS__)
33 #define LOGN(c, fmt, ...) logs(LOG_NOTICE, c, fmt, __VA_ARGS__)
34 #define LOGI(c, fmt, ...) logs(LOG_INFO,   c, fmt, __VA_ARGS__)
35 #define LOGD(c, fmt, ...) logs(LOG_DEBUG,  c, fmt, __VA_ARGS__)
36 
37 const char *dir, *cgi;
38 int dirfd;
39 int port;
40 int foreground;
41 int connected_clients;
42 
43 struct etm {			/* file extension to mime */
44 	const char	*mime;
45 	const char	*ext;
46 } filetypes[] = {
47 	{"application/pdf",	"pdf"},
48 
49 	{"image/gif",		"gif"},
50 	{"image/jpeg",		"jpg"},
51 	{"image/jpeg",		"jpeg"},
52 	{"image/png",		"png"},
53 	{"image/svg+xml",	"svg"},
54 
55 	{"text/gemini",		"gemini"},
56 	{"text/gemini",		"gmi"},
57 	{"text/markdown",	"markdown"},
58 	{"text/markdown",	"md"},
59 	{"text/plain",		"txt"},
60 	{"text/xml",		"xml"},
61 
62 	{NULL, NULL}
63 };
64 
65 static inline void
66 safe_setenv(const char *name, const char *val)
67 {
68 	if (val == NULL)
69 		val = "";
70 	setenv(name, val, 1);
71 }
72 
73 __attribute__ ((format (printf, 1, 2)))
74 static inline void __dead
75 fatal(const char *fmt, ...)
76 {
77 	va_list ap;
78 
79 	va_start(ap, fmt);
80 
81 	if (foreground) {
82 		vfprintf(stderr, fmt, ap);
83 		fprintf(stderr, "\n");
84 	} else
85 		vsyslog(LOG_DAEMON | LOG_CRIT, fmt, ap);
86 
87 	va_end(ap);
88 	exit(1);
89 }
90 
91 __attribute__ ((format (printf, 3, 4)))
92 static inline void
93 logs(int priority, struct client *c,
94     const char *fmt, ...)
95 {
96 	char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
97 	char *fmted, *s;
98 	size_t len;
99 	int ec;
100 	va_list ap;
101 
102 	va_start(ap, fmt);
103 
104 	len = sizeof(c->addr);
105 	ec = getnameinfo((struct sockaddr*)&c->addr, len,
106 	    hbuf, sizeof(hbuf),
107 	    sbuf, sizeof(sbuf),
108 	    NI_NUMERICHOST | NI_NUMERICSERV);
109 	if (ec != 0)
110 		fatal("getnameinfo: %s", gai_strerror(ec));
111 
112 	if (vasprintf(&fmted, fmt, ap) == -1)
113 		fatal("vasprintf: %s", strerror(errno));
114 
115 	if (foreground)
116 		fprintf(stderr, "%s:%s %s\n", hbuf, sbuf, fmted);
117 	else {
118 		if (asprintf(&s, "%s:%s %s", hbuf, sbuf, fmted) == -1)
119 			fatal("asprintf: %s", strerror(errno));
120 		syslog(priority | LOG_DAEMON, "%s", s);
121 		free(s);
122 	}
123 
124 	free(fmted);
125 
126 	va_end(ap);
127 }
128 
129 void
130 sig_handler(int sig)
131 {
132 	(void)sig;
133 }
134 
135 int
136 starts_with(const char *str, const char *prefix)
137 {
138 	size_t i;
139 
140 	for (i = 0; prefix[i] != '\0'; ++i)
141 		if (str[i] != prefix[i])
142 			return 0;
143 	return 1;
144 }
145 
146 int
147 start_reply(struct pollfd *pfd, struct client *client, int code, const char *reason)
148 {
149 	char buf[1030] = {0}; 	/* status + ' ' + max reply len + \r\n\0 */
150 	int len;
151 	int ret;
152 
153 	client->code = code;
154 	client->meta = reason;
155 	client->state = S_INITIALIZING;
156 
157 	len = snprintf(buf, sizeof(buf), "%d %s\r\n", code, reason);
158 	assert(len < (int)sizeof(buf));
159 	ret = tls_write(client->ctx, buf, len);
160 	if (ret == TLS_WANT_POLLIN) {
161 		pfd->events = POLLIN;
162 		return 0;
163 	}
164 
165 	if (ret == TLS_WANT_POLLOUT) {
166 		pfd->events = POLLOUT;
167 		return 0;
168 	}
169 
170 	return 1;
171 }
172 
173 ssize_t
174 filesize(int fd)
175 {
176 	ssize_t len;
177 
178 	if ((len = lseek(fd, 0, SEEK_END)) == -1)
179 		return -1;
180 	if (lseek(fd, 0, SEEK_SET) == -1)
181 		return -1;
182 	return len;
183 }
184 
185 const char *
186 path_ext(const char *path)
187 {
188 	const char *end;
189 
190 	end = path + strlen(path)-1; /* the last byte before the NUL */
191 	for (; end != path; --end) {
192 		if (*end == '.')
193 			return end+1;
194 		if (*end == '/')
195 			break;
196 	}
197 
198 	return NULL;
199 }
200 
201 const char *
202 mime(const char *path)
203 {
204 	const char *ext, *def = "application/octet-stream";
205 	struct etm *t;
206 
207 	if ((ext = path_ext(path)) == NULL)
208 		return def;
209 
210 	for (t = filetypes; t->mime != NULL; ++t)
211 		if (!strcmp(ext, t->ext))
212 			return t->mime;
213 
214 	return def;
215 }
216 
217 int
218 check_path(struct client *c, const char *path, int *fd)
219 {
220 	struct stat sb;
221 
222 	assert(path != NULL);
223 	if ((*fd = openat(dirfd, *path ? path : ".",
224 		    O_RDONLY | O_NOFOLLOW | O_CLOEXEC)) == -1) {
225 		return FILE_MISSING;
226 	}
227 
228 	if (fstat(*fd, &sb) == -1) {
229 		LOGN(c, "failed stat for %s: %s", path, strerror(errno));
230 		return FILE_MISSING;
231 	}
232 
233 	if (S_ISDIR(sb.st_mode))
234 		return FILE_DIRECTORY;
235 
236 	if (sb.st_mode & S_IXUSR)
237 		return FILE_EXECUTABLE;
238 
239 	return FILE_EXISTS;
240 }
241 
242 /*
243  * the inverse of this algorithm, i.e. starting from the start of the
244  * path + strlen(cgi), and checking if each component, should be
245  * faster.  But it's tedious to write.  This does the opposite: starts
246  * from the end and strip one component at a time, until either an
247  * executable is found or we emptied the path.
248  */
249 int
250 check_for_cgi(char *path, char *query, struct pollfd *fds, struct client *c)
251 {
252 	char *end;
253 	end = strchr(path, '\0');
254 
255 	/* NB: assume CGI is enabled and path matches cgi */
256 
257 	while (end > path) {
258 		/* go up one level.  UNIX paths are simple and POSIX
259 		 * dirname, with its ambiguities on if the given path
260 		 * is changed or not, gives me headaches. */
261 		while (*end != '/')
262 			end--;
263 		*end = '\0';
264 
265 		switch (check_path(c, path, &c->fd)) {
266 		case FILE_EXECUTABLE:
267 			return start_cgi(path, end+1, query, fds,c);
268 		case FILE_MISSING:
269 			break;
270 		default:
271 			goto err;
272 		}
273 
274 		*end = '/';
275 		end--;
276 	}
277 
278 err:
279 	if (!start_reply(fds, c, NOT_FOUND, "not found"))
280 		return 0;
281 	goodbye(fds, c);
282 	return 0;
283 }
284 
285 
286 int
287 open_file(char *fpath, char *query, struct pollfd *fds, struct client *c)
288 {
289 	switch (check_path(c, fpath, &c->fd)) {
290 	case FILE_EXECUTABLE:
291 		if (cgi != NULL && starts_with(fpath, cgi))
292 			return start_cgi(fpath, "", query, fds, c);
293 
294 		/* fallthrough */
295 
296 	case FILE_EXISTS:
297 		if ((c->len = filesize(c->fd)) == -1) {
298 			LOGE(c, "failed to get file size for %s", fpath);
299 			goodbye(fds, c);
300 			return 0;
301 		}
302 
303 		if ((c->buf = mmap(NULL, c->len, PROT_READ, MAP_PRIVATE,
304 			    c->fd, 0)) == MAP_FAILED) {
305 			warn("mmap: %s", fpath);
306 			goodbye(fds, c);
307 			return 0;
308 		}
309 		c->i = c->buf;
310 		return start_reply(fds, c, SUCCESS, mime(fpath));
311 
312 	case FILE_DIRECTORY:
313 		LOGD(c, "%s is a directory, trying %s/index.gmi", fpath, fpath);
314 		close(c->fd);
315 		c->fd = -1;
316 		send_dir(fpath, fds, c);
317 		return 0;
318 
319 	case FILE_MISSING:
320 		if (cgi != NULL && starts_with(fpath, cgi))
321 			return check_for_cgi(fpath, query, fds, c);
322 
323 		if (!start_reply(fds, c, NOT_FOUND, "not found"))
324 			return 0;
325 		goodbye(fds, c);
326 		return 0;
327 
328 	default:
329 		/* unreachable */
330 		abort();
331 	}
332 }
333 
334 int
335 start_cgi(const char *spath, const char *relpath, const char *query,
336     struct pollfd *fds, struct client *c)
337 {
338 	pid_t pid;
339 	int p[2]; 		/* read end, write end */
340 
341 	if (pipe(p) == -1)
342 		goto err;
343 
344 	switch (pid = fork()) {
345 	case -1:
346 		goto err;
347 
348 	case 0: { 		/* child */
349 		char *ex, *requri, *portno;
350 		char addr[NI_MAXHOST];
351 		char *argv[] = { NULL, NULL, NULL };
352 		int ec;
353 
354 		close(p[0]);
355 		if (dup2(p[1], 1) == -1)
356 			goto childerr;
357 
358 		if (inet_ntop(c->af, &c->addr, addr, sizeof(addr)) == NULL)
359 			goto childerr;
360 
361 		ec = getnameinfo((struct sockaddr*)&c->addr, sizeof(c->addr),
362 		    addr, sizeof(addr),
363 		    NULL, 0,
364 		    NI_NUMERICHOST | NI_NUMERICSERV);
365 		if (ec != 0)
366 			goto childerr;
367 
368 		if (asprintf(&portno, "%d", port) == -1)
369 			goto childerr;
370 
371 		if (asprintf(&ex, "%s/%s", dir, spath) == -1)
372 			goto childerr;
373 
374 		if (asprintf(&requri, "%s%s%s", spath,
375 		    *relpath == '\0' ? "" : "/",
376 		    relpath) == -1)
377 			goto childerr;
378 
379 		argv[0] = argv[1] = ex;
380 
381 		/* fix the env */
382 		safe_setenv("GATEWAY_INTERFACE", "CGI/1.1");
383 		safe_setenv("SERVER_SOFTWARE", "gmid");
384 		safe_setenv("SERVER_PORT", portno);
385 		/* setenv("SERVER_NAME", "", 1); */
386 		safe_setenv("SCRIPT_NAME", spath);
387 		safe_setenv("SCRIPT_EXECUTABLE", ex);
388 		safe_setenv("REQUEST_URI", requri);
389 		safe_setenv("REQUEST_RELATIVE", relpath);
390 		safe_setenv("QUERY_STRING", query);
391 		safe_setenv("REMOTE_HOST", addr);
392 		safe_setenv("REMOTE_ADDR", addr);
393 		safe_setenv("DOCUMENT_ROOT", dir);
394 
395 		if (tls_peer_cert_provided(c->ctx)) {
396 			safe_setenv("AUTH_TYPE", "Certificate");
397 			safe_setenv("REMOTE_USER", tls_peer_cert_subject(c->ctx));
398 			safe_setenv("TLS_CLIENT_ISSUER", tls_peer_cert_issuer(c->ctx));
399 			safe_setenv("TLS_CLIENT_HASH", tls_peer_cert_hash(c->ctx));
400 		}
401 
402 		execvp(ex, argv);
403 		goto childerr;
404 	}
405 
406 	default:		/* parent */
407 		close(p[1]);
408 		close(c->fd);
409 		c->fd = p[0];
410 		c->child = pid;
411 		mark_nonblock(c->fd);
412 		c->state = S_SENDING;
413 		handle_cgi(fds, c);
414 		return 0;
415 	}
416 
417 err:
418 	if (!start_reply(fds, c, TEMP_FAILURE, "internal server error"))
419 		return 0;
420 	goodbye(fds, c);
421 	return 0;
422 
423 childerr:
424 	dprintf(p[1], "%d internal server error\r\n", TEMP_FAILURE);
425 	close(p[1]);
426 	_exit(1);
427 }
428 
429 void
430 cgi_poll_on_child(struct pollfd *fds, struct client *c)
431 {
432 	int fd;
433 
434 	if (c->waiting_on_child)
435 		return;
436 	c->waiting_on_child = 1;
437 
438 	fds->events = POLLIN;
439 
440 	fd = fds->fd;
441 	fds->fd = c->fd;
442 	c->fd = fd;
443 }
444 
445 void
446 cgi_poll_on_client(struct pollfd *fds, struct client *c)
447 {
448 	int fd;
449 
450 	if (!c->waiting_on_child)
451 		return;
452 	c->waiting_on_child = 0;
453 
454 	fd = fds->fd;
455 	fds->fd = c->fd;
456 	c->fd = fd;
457 }
458 
459 void
460 handle_cgi(struct pollfd *fds, struct client *c)
461 {
462 	ssize_t r;
463 
464 	/* ensure c->fd is the child and fds->fd the client */
465 	cgi_poll_on_client(fds, c);
466 
467 	while (1) {
468 		if (c->len == 0) {
469 			if ((r = read(c->fd, c->sbuf, sizeof(c->sbuf))) == 0)
470 				goto end;
471 			if (r == -1) {
472 				if (errno == EAGAIN || errno == EWOULDBLOCK) {
473 					cgi_poll_on_child(fds, c);
474 					return;
475 				}
476                                 goto end;
477 			}
478 			c->len = r;
479 			c->off = 0;
480 		}
481 
482 		while (c->len > 0) {
483 			switch (r = tls_write(c->ctx, c->sbuf + c->off, c->len)) {
484 			case -1:
485 				goto end;
486 
487 			case TLS_WANT_POLLOUT:
488 				fds->events = POLLOUT;
489 				return;
490 
491 			case TLS_WANT_POLLIN:
492 				fds->events = POLLIN;
493 				return;
494 
495 			default:
496                                 c->off += r;
497 				c->len -= r;
498 				break;
499 			}
500 		}
501 	}
502 
503 end:
504 	goodbye(fds, c);
505 }
506 
507 void
508 send_file(char *path, char *query, struct pollfd *fds, struct client *c)
509 {
510 	ssize_t ret, len;
511 
512 	if (c->fd == -1) {
513 		if (!open_file(path, query, fds, c))
514 			return;
515 		c->state = S_SENDING;
516 	}
517 
518 	len = (c->buf + c->len) - c->i;
519 
520 	while (len > 0) {
521 		switch (ret = tls_write(c->ctx, c->i, len)) {
522 		case -1:
523 			LOGE(c, "tls_write: %s", tls_error(c->ctx));
524 			goodbye(fds, c);
525 			return;
526 
527 		case TLS_WANT_POLLIN:
528 			fds->events = POLLIN;
529 			return;
530 
531 		case TLS_WANT_POLLOUT:
532 			fds->events = POLLOUT;
533 			return;
534 
535 		default:
536 			c->i += ret;
537 			len -= ret;
538 			break;
539 		}
540 	}
541 
542 	goodbye(fds, c);
543 }
544 
545 void
546 send_dir(char *path, struct pollfd *fds, struct client *client)
547 {
548 	char fpath[PATHBUF];
549 	size_t len;
550 
551 	bzero(fpath, PATHBUF);
552 
553 	if (path[0] != '.')
554 		fpath[0] = '.';
555 
556 	/* this cannot fail since sizeof(fpath) > maxlen of path */
557 	strlcat(fpath, path, PATHBUF);
558 	len = strlen(fpath);
559 
560 	/* add a trailing / in case. */
561 	if (fpath[len-1] != '/') {
562 		fpath[len] = '/';
563 	}
564 
565 	strlcat(fpath, "index.gmi", sizeof(fpath));
566 
567 	send_file(fpath, NULL, fds, client);
568 }
569 
570 void
571 handle(struct pollfd *fds, struct client *client)
572 {
573 	char buf[GEMINI_URL_LEN];
574 	const char *parse_err;
575 	struct iri iri;
576 
577 	switch (client->state) {
578 	case S_OPEN:
579 		bzero(buf, GEMINI_URL_LEN);
580 		switch (tls_read(client->ctx, buf, sizeof(buf)-1)) {
581 		case -1:
582 			LOGE(client, "tls_read: %s", tls_error(client->ctx));
583 			goodbye(fds, client);
584 			return;
585 
586 		case TLS_WANT_POLLIN:
587 			fds->events = POLLIN;
588 			return;
589 
590 		case TLS_WANT_POLLOUT:
591 			fds->events = POLLOUT;
592 			return;
593 		}
594 
595 		parse_err = "invalid request";
596 		if (!trim_req_iri(buf) || !parse_iri(buf, &iri, &parse_err)) {
597 			if (!start_reply(fds, client, BAD_REQUEST, parse_err))
598 				return;
599 			goodbye(fds, client);
600 			return;
601 		}
602 
603 		LOGI(client, "GET %s%s%s",
604 		    *iri.path ? iri.path : "/",
605 		    *iri.query ? "?" : "",
606 		    *iri.query ? iri.query : "");
607 
608 		send_file(iri.path, iri.query, fds, client);
609 		break;
610 
611 	case S_INITIALIZING:
612 		if (!start_reply(fds, client, client->code, client->meta))
613 			return;
614 
615 		if (client->code != SUCCESS) {
616 			/* we don't need a body */
617 			goodbye(fds, client);
618 			return;
619 		}
620 
621 		client->state = S_SENDING;
622 
623 		/* fallthrough */
624 
625 	case S_SENDING:
626 		if (client->child != -1)
627 			handle_cgi(fds, client);
628 		else
629 			send_file(NULL, NULL, fds, client);
630 		break;
631 
632 	case S_CLOSING:
633 		goodbye(fds, client);
634 		break;
635 
636 	default:
637 		/* unreachable */
638 		abort();
639 	}
640 }
641 
642 void
643 mark_nonblock(int fd)
644 {
645 	int flags;
646 
647 	if ((flags = fcntl(fd, F_GETFL)) == -1)
648 		fatal("fcntl(F_GETFL): %s", strerror(errno));
649 	if (fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1)
650 		fatal("fcntl(F_SETFL): %s", strerror(errno));
651 }
652 
653 int
654 make_socket(int port, int family)
655 {
656 	int sock, v;
657 	struct sockaddr_in addr4;
658 	struct sockaddr_in6 addr6;
659 	struct sockaddr *addr;
660 	socklen_t len;
661 
662         switch (family) {
663 	case AF_INET:
664 		bzero(&addr4, sizeof(addr4));
665 		addr4.sin_family = family;
666 		addr4.sin_port = htons(port);
667 		addr4.sin_addr.s_addr = INADDR_ANY;
668 		addr = (struct sockaddr*)&addr4;
669 		len = sizeof(addr4);
670 		break;
671 
672 	case AF_INET6:
673 		bzero(&addr6, sizeof(addr6));
674 		addr6.sin6_family = AF_INET6;
675 		addr6.sin6_port = htons(port);
676 		addr6.sin6_addr = in6addr_any;
677 		addr = (struct sockaddr*)&addr6;
678 		len = sizeof(addr6);
679 		break;
680 
681 	default:
682 		/* unreachable */
683 		abort();
684 	}
685 
686 	if ((sock = socket(family, SOCK_STREAM, 0)) == -1)
687 		fatal("socket: %s", strerror(errno));
688 
689 	v = 1;
690 	if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &v, sizeof(v)) == -1)
691 		fatal("setsockopt(SO_REUSEADDR): %s", strerror(errno));
692 
693 	v = 1;
694 	if (setsockopt(sock, SOL_SOCKET, SO_REUSEPORT, &v, sizeof(v)) == -1)
695 		fatal("setsockopt(SO_REUSEPORT): %s", strerror(errno));
696 
697 	mark_nonblock(sock);
698 
699 	if (bind(sock, addr, len) == -1)
700 		fatal("bind: %s", strerror(errno));
701 
702 	if (listen(sock, 16) == -1)
703 		fatal("listen: %s", strerror(errno));
704 
705 	return sock;
706 }
707 
708 void
709 do_accept(int sock, struct tls *ctx, struct pollfd *fds, struct client *clients)
710 {
711 	int i, fd;
712 	struct sockaddr_storage addr;
713 	socklen_t len;
714 
715 	len = sizeof(addr);
716 	if ((fd = accept(sock, (struct sockaddr*)&addr, &len)) == -1) {
717 		if (errno == EWOULDBLOCK)
718 			return;
719 		fatal("accept: %s", strerror(errno));
720 	}
721 
722 	mark_nonblock(fd);
723 
724 	for (i = 0; i < MAX_USERS; ++i) {
725 		if (fds[i].fd == -1) {
726 			bzero(&clients[i], sizeof(struct client));
727 			if (tls_accept_socket(ctx, &clients[i].ctx, fd) == -1)
728 				break; /* goodbye fd! */
729 
730 			fds[i].fd = fd;
731 			fds[i].events = POLLIN;
732 
733 			clients[i].state = S_OPEN;
734 			clients[i].fd = -1;
735 			clients[i].child = -1;
736 			clients[i].buf = MAP_FAILED;
737 			clients[i].af = AF_INET;
738 			clients[i].addr = addr;
739 
740 			connected_clients++;
741 			return;
742 		}
743 	}
744 
745 	close(fd);
746 }
747 
748 void
749 goodbye(struct pollfd *pfd, struct client *c)
750 {
751 	ssize_t ret;
752 
753 	c->state = S_CLOSING;
754 
755 	ret = tls_close(c->ctx);
756 	if (ret == TLS_WANT_POLLIN) {
757 		pfd->events = POLLIN;
758 		return;
759 	}
760 	if (ret == TLS_WANT_POLLOUT) {
761 		pfd->events = POLLOUT;
762 		return;
763 	}
764 
765 	connected_clients--;
766 
767 	tls_free(c->ctx);
768 	c->ctx = NULL;
769 
770 	if (c->buf != MAP_FAILED)
771 		munmap(c->buf, c->len);
772 
773 	if (c->fd != -1)
774 		close(c->fd);
775 
776 	close(pfd->fd);
777 	pfd->fd = -1;
778 }
779 
780 void
781 loop(struct tls *ctx, int sock4, int sock6)
782 {
783 	int i;
784 	struct client clients[MAX_USERS];
785 	struct pollfd fds[MAX_USERS];
786 
787 	for (i = 0; i < MAX_USERS; ++i) {
788 		fds[i].fd = -1;
789 		fds[i].events = POLLIN;
790 		bzero(&clients[i], sizeof(struct client));
791 	}
792 
793 	fds[0].fd = sock4;
794 	fds[1].fd = sock6;
795 
796 	for (;;) {
797 		if (poll(fds, MAX_USERS, INFTIM) == -1) {
798 			if (errno == EINTR) {
799                                 warnx("connected clients: %d",
800 				    connected_clients);
801 				continue;
802 			}
803 			fatal("poll: %s", strerror(errno));
804 		}
805 
806 		for (i = 0; i < MAX_USERS; i++) {
807 			if (fds[i].revents == 0)
808 				continue;
809 
810 			if (fds[i].revents & (POLLERR|POLLNVAL))
811 				fatal("bad fd %d: %s", fds[i].fd,
812 				    strerror(errno));
813 
814 			if (fds[i].revents & POLLHUP) {
815 				/* fds[i] may be the fd of the stdin
816 				 * of a cgi script that has exited. */
817 				if (!clients[i].waiting_on_child) {
818 					goodbye(&fds[i], &clients[i]);
819 					continue;
820 				}
821 			}
822 
823 			if (fds[i].fd == sock4)
824 				do_accept(sock4, ctx, fds, clients);
825 			else if (fds[i].fd == sock6)
826 				do_accept(sock6, ctx, fds, clients);
827 			else
828 				handle(&fds[i], &clients[i]);
829 		}
830 	}
831 }
832 
833 char *
834 absolutify_path(const char *path)
835 {
836 	char *wd, *r;
837 
838 	if (*path == '/')
839 		return strdup(path);
840 
841 	wd = getwd(NULL);
842 	if (asprintf(&r, "%s/%s", wd, path) == -1)
843 		err(1, "asprintf");
844 	free(wd);
845 	return r;
846 }
847 
848 void
849 usage(const char *me)
850 {
851 	fprintf(stderr,
852 	    "USAGE: %s [-h] [-c cert.pem] [-d docs] [-k key.pem] "
853 	    "[-l logfile] [-p port] [-x cgi-bin]\n",
854 	    me);
855 }
856 
857 int
858 main(int argc, char **argv)
859 {
860 	const char *cert = "cert.pem", *key = "key.pem";
861 	struct tls *ctx = NULL;
862 	struct tls_config *conf;
863 	int sock4, sock6, enable_ipv6, ch;
864 	connected_clients = 0;
865 
866 	if ((dir = absolutify_path("docs")) == NULL)
867 		err(1, "absolutify_path");
868 
869 	cgi = NULL;
870 	port = 1965;
871 	foreground = 0;
872 	enable_ipv6 = 0;
873 
874 	while ((ch = getopt(argc, argv, "6c:d:fhk:p:x:")) != -1) {
875 		switch (ch) {
876 		case '6':
877 			enable_ipv6 = 1;
878 			break;
879 
880 		case 'c':
881 			cert = optarg;
882 			break;
883 
884 		case 'd':
885 			free((char*)dir);
886 			if ((dir = absolutify_path(optarg)) == NULL)
887 				err(1, "absolutify_path");
888 			break;
889 
890 		case 'f':
891 			foreground = 1;
892 			break;
893 
894 		case 'h':
895 			usage(*argv);
896 			return 0;
897 
898 		case 'k':
899 			key = optarg;
900 			break;
901 
902 		case 'p': {
903 			char *ep;
904 			long lval;
905 
906 			errno = 0;
907 			lval = strtol(optarg, &ep, 10);
908 			if (optarg[0] == '\0' || *ep != '\0')
909 				err(1, "not a number: %s", optarg);
910 			if (lval < 0 || lval > UINT16_MAX)
911 				err(1, "port number out of range: %s", optarg);
912 			port = lval;
913 			break;
914 		}
915 
916 		case 'x':
917 			cgi = optarg;
918 			break;
919 
920 		default:
921 			usage(*argv);
922 			return 1;
923 		}
924 	}
925 
926 	signal(SIGPIPE, SIG_IGN);
927 	signal(SIGCHLD, SIG_IGN);
928 
929 #ifdef SIGINFO
930 	signal(SIGINFO, sig_handler);
931 #endif
932 	signal(SIGUSR2, sig_handler);
933 
934 	if (!foreground)
935 		signal(SIGHUP, SIG_IGN);
936 
937 	if ((conf = tls_config_new()) == NULL)
938 		err(1, "tls_config_new");
939 
940 	/* optionally accept client certs, but don't try to verify them */
941 	tls_config_verify_client_optional(conf);
942 	tls_config_insecure_noverifycert(conf);
943 
944 	if (tls_config_set_protocols(conf,
945 	    TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3) == -1)
946 		err(1, "tls_config_set_protocols");
947 
948 	if (tls_config_set_cert_file(conf, cert) == -1)
949 		err(1, "tls_config_set_cert_file: %s", cert);
950 
951 	if (tls_config_set_key_file(conf, key) == -1)
952 		err(1, "tls_config_set_key_file: %s", key);
953 
954 	if ((ctx = tls_server()) == NULL)
955 		err(1, "tls_server");
956 
957 	if (tls_configure(ctx, conf) == -1)
958 		errx(1, "tls_configure: %s", tls_error(ctx));
959 
960 	sock4 = make_socket(port, AF_INET);
961 	if (enable_ipv6)
962 		sock6 = make_socket(port, AF_INET6);
963 	else
964 		sock6 = -1;
965 
966 	if ((dirfd = open(dir, O_RDONLY | O_DIRECTORY)) == -1)
967 		err(1, "open: %s", dir);
968 
969 	if (!foreground && daemon(0, 1) == -1)
970 		exit(1);
971 
972 	if (unveil(dir, "rx") == -1)
973 		err(1, "unveil");
974 
975 	if (pledge("stdio rpath inet proc exec", NULL) == -1)
976 		err(1, "pledge");
977 
978 	/* drop proc and exec if cgi isn't enabled */
979 	if (cgi == NULL && pledge("stdio rpath inet", NULL) == -1)
980 		err(1, "pledge");
981 
982 	loop(ctx, sock4, sock6);
983 
984 	close(sock4);
985 	close(sock6);
986 	tls_free(ctx);
987 	tls_config_free(conf);
988 }